lacework-global-37
1.8 Ensure Identity and Access Management (IAM) password policy requires minimum length of 14 or greater (Automated)
Profile Applicability
• Level 1
Description
Password policies are, in part, used to enforce password complexity requirements. Use IAM password policies to ensure passwords are at least a given length. Best practices recommend that the password policy require a minimum password length of 14.
Rationale
Setting a password complexity policy increases account resiliency against brute force login attempts.
Audit
Perform the following to ensure the password policy is configured as prescribed:
From Console
- Log in to the AWS Console (with appropriate permissions to View Identity Access Management Account Settings)
- Go to IAM Service on the AWS Console
- Click on Account Settings on the Left Pane
- Ensure "Minimum password length" is set to 14 or greater.
From Command Line
aws iam get-account-password-policy
Ensure the output of the above command includes "MinimumPasswordLength": 14 (or higher)
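The command-line audit above can be scripted so it gives a clear pass/fail, including the case where the account has no password policy and the CLI returns a NoSuchEntity error instead of JSON. This is an added example, not Lacework's or the benchmark's own code; the function names and the sample JSON are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate `aws iam get-account-password-policy` output for this control.
REQUIRED_MIN_LENGTH=14

# Read policy JSON on stdin; print MinimumPasswordLength (nothing if absent).
extract_min_length() {
  sed -n 's/.*"MinimumPasswordLength"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# $1 = policy JSON (empty string means "no policy set"). Returns 0 only on pass.
check_policy_json() {
  local json len
  json=$1
  if [ -z "$json" ]; then
    echo "FAIL: no account password policy is set"; return 1
  fi
  len=$(printf '%s\n' "$json" | extract_min_length)
  if [ -z "$len" ]; then
    echo "FAIL: MinimumPasswordLength not found in output"; return 1
  fi
  if [ "$len" -ge "$REQUIRED_MIN_LENGTH" ]; then
    echo "PASS: MinimumPasswordLength=$len"; return 0
  fi
  echo "FAIL: MinimumPasswordLength=$len (< $REQUIRED_MIN_LENGTH)"; return 1
}

# Live audit. A missing policy (NoSuchEntity) is a finding; any other CLI
# failure (credentials, permissions) is reported as an error, not a finding.
audit_account() {
  local out
  if out=$(aws iam get-account-password-policy --output json 2>&1); then
    check_policy_json "$out"
  elif printf '%s\n' "$out" | grep -q 'NoSuchEntity'; then
    check_policy_json ""
  else
    echo "ERROR: could not read password policy: $out"; return 2
  fi
}

# Constructed sample outputs, used when the script is run without --live.
SAMPLE_WEAK='{"PasswordPolicy": {"MinimumPasswordLength": 8, "RequireSymbols": true}}'
SAMPLE_OK='{"PasswordPolicy": {"MinimumPasswordLength": 16, "RequireSymbols": true}}'

if [ "${1:-}" = "--live" ]; then
  audit_account
else
  check_policy_json "$SAMPLE_WEAK" || true
  check_policy_json "$SAMPLE_OK"
  check_policy_json "" || true
fi
```

Run it with `--live` to query the current account; without arguments it only evaluates the constructed samples.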
Remediation
Perform the following to set the password policy as prescribed:
From Console
- Log in to the AWS Console (with appropriate permissions to View Identity Access Management Account Settings).
- Go to IAM Service on the AWS Console.
- Click Account Settings on the Left Pane.
- Set "Minimum password length" to 14 or greater.
- Click "Apply password policy".
From Command Line
aws iam update-account-password-policy --minimum-password-length 14
- You can combine all commands starting with "aws iam update-account-password-policy" into a single command.
- You can utilize Lacework's remediation template to resolve violations of this policy. See Remediation Templates.
References
CCE-78907-3
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy